This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/asf-staging by this push:
new 13a38f001 Updates stage by Jenkins
13a38f001 is described below
commit 13a38f001b2f6df7fc275c91ae1f75a10b9ff0dc
Author: jenkins <bui...@apache.org>
AuthorDate: Mon Jan 29 18:17:40 2024 +0000
Updates stage by Jenkins
---
content/core-developers/basic-validation.html | 3 +
content/core-developers/client-validation.html | 3 +
content/core-developers/conversion-validator.html | 3 +-
.../core-developers/file-upload-interceptor.html | 3 +
content/core-developers/file-upload.html | 9 +++
.../type-conversion-annotation.html | 4 ++
content/core-developers/type-conversion.html | 2 +
.../using-non-field-validators.html | 3 +
.../using-visitor-field-validator.html | 1 +
content/core-developers/validation-annotation.html | 1 +
content/core-developers/validation.html | 1 +
content/core-developers/wildcard-mappings.html | 2 +
content/getting-started/coding-actions.html | 4 +-
content/getting-started/processing-forms.html | 19 ++++--
content/plugins/junit/index.html | 1 +
.../plugins/portlet/struts-2-portlet-tutorial.html | 10 ++-
content/security/index.html | 79 +++++++++++++++++++++-
17 files changed, 139 insertions(+), 9 deletions(-)
diff --git a/content/core-developers/basic-validation.html
b/content/core-developers/basic-validation.html
index 8df18d572..1da220948 100644
--- a/content/core-developers/basic-validation.html
+++ b/content/core-developers/basic-validation.html
@@ -215,6 +215,7 @@
<span class="k">return</span> <span class="n">name</span><span
class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setName</span><span class="o">(</span><span class="nc">String</span>
<span class="n">name</span><span class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">name</span> <span class="o">=</span> <span
class="n">name</span><span class="o">;</span>
<span class="o">}</span>
@@ -223,6 +224,7 @@
<span class="k">return</span> <span class="n">age</span><span
class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setAge</span><span class="o">(</span><span class="kt">int</span>
<span class="n">age</span><span class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">age</span> <span class="o">=</span> <span class="n">age</span><span
class="o">;</span>
<span class="o">}</span>
@@ -231,6 +233,7 @@
<span class="k">return</span> <span
class="n">answer</span><span class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setAnswer</span><span class="o">(</span><span
class="nc">String</span> <span class="n">answer</span><span class="o">)</span>
<span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">answer</span> <span class="o">=</span> <span
class="n">answer</span><span class="o">;</span>
<span class="o">}</span>
diff --git a/content/core-developers/client-validation.html
b/content/core-developers/client-validation.html
index c922bc167..6b770499f 100644
--- a/content/core-developers/client-validation.html
+++ b/content/core-developers/client-validation.html
@@ -212,6 +212,7 @@
<span class="k">return</span> <span class="n">name</span><span
class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setName</span><span class="o">(</span><span class="nc">String</span>
<span class="n">name</span><span class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">name</span> <span class="o">=</span> <span
class="n">name</span><span class="o">;</span>
<span class="o">}</span>
@@ -220,6 +221,7 @@
<span class="k">return</span> <span class="n">age</span><span
class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setAge</span><span class="o">(</span><span class="kt">int</span>
<span class="n">age</span><span class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">age</span> <span class="o">=</span> <span class="n">age</span><span
class="o">;</span>
<span class="o">}</span>
@@ -228,6 +230,7 @@
<span class="k">return</span> <span
class="n">answer</span><span class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setAnswer</span><span class="o">(</span><span
class="nc">String</span> <span class="n">answer</span><span class="o">)</span>
<span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">answer</span> <span class="o">=</span> <span
class="n">answer</span><span class="o">;</span>
<span class="o">}</span>
diff --git a/content/core-developers/conversion-validator.html
b/content/core-developers/conversion-validator.html
index 2769f41f2..3c07fa73d 100644
--- a/content/core-developers/conversion-validator.html
+++ b/content/core-developers/conversion-validator.html
@@ -228,7 +228,8 @@ property set to true, it will, meaning the textfield will
have ‘one’ as its
<span class="kd">public</span> <span class="nc">Integer</span> <span
class="nf">getMyIntegerField</span><span class="o">()</span> <span
class="o">{</span>
<span class="k">return</span> <span class="k">this</span><span
class="o">.</span><span class="na">myIntegerField</span><span
class="o">;</span>
<span class="o">}</span>
-
+
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setMyIntegerField</span><span class="o">(</span><span
class="nc">Integer</span> <span class="n">myIntegerField</span><span
class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">myIntegerField</span> <span class="o">=</span> <span
class="n">myIntegerField</span><span class="o">;</span>
<span class="o">}</span>
diff --git a/content/core-developers/file-upload-interceptor.html
b/content/core-developers/file-upload-interceptor.html
index 514c6ede1..7aa55be6a 100644
--- a/content/core-developers/file-upload-interceptor.html
+++ b/content/core-developers/file-upload-interceptor.html
@@ -239,14 +239,17 @@ and which are not.</p>
<span class="kd">private</span> <span class="nc">String</span> <span
class="n">contentType</span><span class="o">;</span>
<span class="kd">private</span> <span class="nc">String</span> <span
class="n">filename</span><span class="o">;</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setUpload</span><span class="o">(</span><span class="nc">File</span>
<span class="n">file</span><span class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">file</span> <span class="o">=</span> <span
class="n">file</span><span class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setUploadContentType</span><span class="o">(</span><span
class="nc">String</span> <span class="n">contentType</span><span
class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">contentType</span> <span class="o">=</span> <span
class="n">contentType</span><span class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setUploadFileName</span><span class="o">(</span><span
class="nc">String</span> <span class="n">filename</span><span
class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">filename</span> <span class="o">=</span> <span
class="n">filename</span><span class="o">;</span>
<span class="o">}</span>
diff --git a/content/core-developers/file-upload.html
b/content/core-developers/file-upload.html
index c9d2e8274..124b60edf 100644
--- a/content/core-developers/file-upload.html
+++ b/content/core-developers/file-upload.html
@@ -264,14 +264,17 @@ class. For a form field named <code
class="language-plaintext highlighter-rouge"
<span class="kd">private</span> <span class="nc">String</span> <span
class="n">contentType</span><span class="o">;</span>
<span class="kd">private</span> <span class="nc">String</span> <span
class="n">filename</span><span class="o">;</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setUpload</span><span class="o">(</span><span class="nc">File</span>
<span class="n">file</span><span class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">file</span> <span class="o">=</span> <span
class="n">file</span><span class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setUploadContentType</span><span class="o">(</span><span
class="nc">String</span> <span class="n">contentType</span><span
class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">contentType</span> <span class="o">=</span> <span
class="n">contentType</span><span class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setUploadFileName</span><span class="o">(</span><span
class="nc">String</span> <span class="n">filename</span><span
class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">filename</span> <span class="o">=</span> <span
class="n">filename</span><span class="o">;</span>
<span class="o">}</span>
@@ -363,6 +366,7 @@ follow the below example.</p>
<span class="k">return</span> <span class="k">this</span><span
class="o">.</span><span class="na">uploads</span><span class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setUpload</span><span class="o">(</span><span
class="nc">File</span><span class="o">[]</span> <span
class="n">upload</span><span class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">uploads</span> <span class="o">=</span> <span
class="n">upload</span><span class="o">;</span>
<span class="o">}</span>
@@ -371,6 +375,7 @@ follow the below example.</p>
<span class="k">return</span> <span class="k">this</span><span
class="o">.</span><span class="na">uploadFileNames</span><span
class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setUploadFileName</span><span class="o">(</span><span
class="nc">String</span><span class="o">[]</span> <span
class="n">uploadFileName</span><span class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">uploadFileNames</span> <span class="o">=</span> <span
class="n">uploadFileName</span><span class="o">;</span>
<span class="o">}</span>
@@ -379,6 +384,7 @@ follow the below example.</p>
<span class="k">return</span> <span class="k">this</span><span
class="o">.</span><span class="na">uploadContentTypes</span><span
class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setUploadContentType</span><span class="o">(</span><span
class="nc">String</span><span class="o">[]</span> <span
class="n">uploadContentType</span><span class="o">)</span> <span
class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">uploadContentTypes</span> <span class="o">=</span> <span
class="n">uploadContentType</span><span class="o">;</span>
<span class="o">}</span>
@@ -408,6 +414,7 @@ follow the below example.</p>
<span class="k">return</span> <span class="k">this</span><span
class="o">.</span><span class="na">uploads</span><span class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setUpload</span><span class="o">(</span><span
class="nc">List</span><span class="o"><</span><span
class="nc">File</span><span class="o">></span> <span
class="n">uploads</span><span class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">uploads</span> <span class="o">=</span> <span
class="n">uploads</span><span class="o">;</span>
<span class="o">}</span>
@@ -416,6 +423,7 @@ follow the below example.</p>
<span class="k">return</span> <span class="k">this</span><span
class="o">.</span><span class="na">uploadFileNames</span><span
class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setUploadFileName</span><span class="o">(</span><span
class="nc">List</span><span class="o"><</span><span
class="nc">String</span><span class="o">></span> <span
class="n">uploadFileNames</span><span class="o">)</span> <span
class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">uploadFileNames</span> <span class="o">=</span> <span
class="n">uploadFileNames</span><span class="o">;</span>
<span class="o">}</span>
@@ -424,6 +432,7 @@ follow the below example.</p>
<span class="k">return</span> <span class="k">this</span><span
class="o">.</span><span class="na">uploadContentTypes</span><span
class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setUploadContentType</span><span class="o">(</span><span
class="nc">List</span><span class="o"><</span><span
class="nc">String</span><span class="o">></span> <span
class="n">contentTypes</span><span class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">uploadContentTypes</span> <span class="o">=</span> <span
class="n">contentTypes</span><span class="o">;</span>
<span class="o">}</span>
diff --git a/content/core-developers/type-conversion-annotation.html
b/content/core-developers/type-conversion-annotation.html
index 544e1b424..84c959fe0 100644
--- a/content/core-developers/type-conversion-annotation.html
+++ b/content/core-developers/type-conversion-annotation.html
@@ -240,21 +240,25 @@ file within the classpath root. Set type to: <code
class="language-plaintext hig
<span class="kd">private</span> <span class="nc">HashMap</span> <span
class="n">keyValues</span> <span class="o">=</span> <span
class="kc">null</span><span class="o">;</span>
<span class="nd">@TypeConversion</span><span class="o">(</span><span
class="n">type</span> <span class="o">=</span> <span
class="nc">ConversionType</span><span class="o">.</span><span
class="na">APPLICATION</span><span class="o">)</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setConvertInt</span><span class="o">(</span> <span
class="nc">String</span> <span class="n">convertInt</span> <span
class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">convertInt</span> <span class="o">=</span> <span
class="n">convertInt</span><span class="o">;</span>
<span class="o">}</span>
<span class="nd">@TypeConversion</span><span class="o">(</span><span
class="n">converterClass</span> <span class="o">=</span> <span
class="nc">XWorkBasicConverter</span><span class="o">.</span><span
class="na">class</span><span class="o">)</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setConvertDouble</span><span class="o">(</span> <span
class="nc">String</span> <span class="n">convertDouble</span> <span
class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">convertDouble</span> <span class="o">=</span> <span
class="n">convertDouble</span><span class="o">;</span>
<span class="o">}</span>
<span class="nd">@TypeConversion</span><span class="o">(</span><span
class="n">rule</span> <span class="o">=</span> <span
class="nc">ConversionRule</span><span class="o">.</span><span
class="na">COLLECTION</span><span class="o">,</span> <span
class="n">converterClass</span> <span class="o">=</span> <span
class="nc">String</span><span class="o">.</span><span
class="na">class</span><span class="o">)</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setUsers</span><span class="o">(</span> <span class="nc">List</span>
<span class="n">users</span> <span class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">users</span> <span class="o">=</span> <span
class="n">users</span><span class="o">;</span>
<span class="o">}</span>
<span class="nd">@TypeConversion</span><span class="o">(</span><span
class="n">rule</span> <span class="o">=</span> <span
class="nc">ConversionRule</span><span class="o">.</span><span
class="na">MAP</span><span class="o">,</span> <span
class="n">converterClass</span> <span class="o">=</span> <span
class="nc">BigInteger</span><span class="o">.</span><span
class="na">class</span><span class="o">)</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setKeyValues</span><span class="o">(</span> <span
class="nc">HashMap</span> <span class="n">keyValues</span> <span
class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">keyValues</span> <span class="o">=</span> <span
class="n">keyValues</span><span class="o">;</span>
<span class="o">}</span>
diff --git a/content/core-developers/type-conversion.html
b/content/core-developers/type-conversion.html
index 5fe66bb8c..4940162a8 100644
--- a/content/core-developers/type-conversion.html
+++ b/content/core-developers/type-conversion.html
@@ -494,6 +494,7 @@ property. Otherwise, one element of the null <code
class="language-plaintext hig
<span class="kd">private</span> <span class="nc">List</span> <span
class="n">beanList</span> <span class="o">=</span> <span class="k">new</span>
<span class="nc">ArrayList</span><span class="o">();</span>
<span class="kd">private</span> <span class="nc">Map</span> <span
class="n">beanMap</span> <span class="o">=</span> <span class="k">new</span>
<span class="nc">HashMap</span><span class="o">();</span>
+ <span class="nd">@StrutsParameter</span><span class="o">(</span><span
class="n">depth</span> <span class="o">=</span> <span class="mi">2</span><span
class="o">)</span>
<span class="kd">public</span> <span class="nc">List</span> <span
class="nf">getBeanList</span><span class="o">()</span> <span class="o">{</span>
<span class="k">return</span> <span class="n">beanList</span><span
class="o">;</span>
<span class="o">}</span>
@@ -502,6 +503,7 @@ property. Otherwise, one element of the null <code
class="language-plaintext hig
<span class="k">this</span><span class="o">.</span><span
class="na">beanList</span> <span class="o">=</span> <span
class="n">beanList</span><span class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span><span class="o">(</span><span
class="n">depth</span> <span class="o">=</span> <span class="mi">2</span><span
class="o">)</span>
<span class="kd">public</span> <span class="nc">Map</span> <span
class="nf">getBeanMap</span><span class="o">()</span> <span class="o">{</span>
<span class="k">return</span> <span class="n">beanMap</span><span
class="o">;</span>
<span class="o">}</span>
diff --git a/content/core-developers/using-non-field-validators.html
b/content/core-developers/using-non-field-validators.html
index 55d02ff56..bf4b3b761 100644
--- a/content/core-developers/using-non-field-validators.html
+++ b/content/core-developers/using-non-field-validators.html
@@ -187,6 +187,7 @@
<span class="k">return</span> <span class="n">someText</span><span
class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setSomeText</span><span class="o">(</span><span
class="nc">String</span> <span class="n">someText</span><span
class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">someText</span> <span class="o">=</span> <span
class="n">someText</span><span class="o">;</span>
<span class="o">}</span>
@@ -195,6 +196,7 @@
<span class="k">return</span> <span
class="n">someTextRetype</span><span class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setSomeTextRetype</span><span class="o">(</span><span
class="nc">String</span> <span class="n">someTextRetype</span><span
class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">someTextRetype</span> <span class="o">=</span> <span
class="n">someTextRetype</span><span class="o">;</span>
<span class="o">}</span>
@@ -203,6 +205,7 @@
<span class="k">return</span> <span
class="n">someTextRetypeAgain</span><span class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setSomeTextRetypeAgain</span><span class="o">(</span><span
class="nc">String</span> <span class="n">someTextRetypeAgain</span><span
class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">someTextRetypeAgain</span> <span class="o">=</span> <span
class="n">someTextRetypeAgain</span><span class="o">;</span>
<span class="o">}</span>
diff --git a/content/core-developers/using-visitor-field-validator.html
b/content/core-developers/using-visitor-field-validator.html
index 55c452ec9..bbcbfedef 100644
--- a/content/core-developers/using-visitor-field-validator.html
+++ b/content/core-developers/using-visitor-field-validator.html
@@ -187,6 +187,7 @@
<span class="kd">private</span> <span class="nc">User</span> <span
class="n">user</span><span class="o">;</span>
+ <span class="nd">@StrutsParameter</span><span class="o">(</span><span
class="n">depth</span> <span class="o">=</span> <span class="mi">1</span><span
class="o">)</span>
<span class="kd">public</span> <span class="nc">User</span> <span
class="nf">getUser</span><span class="o">()</span> <span class="o">{</span>
<span class="k">return</span> <span class="n">user</span><span
class="o">;</span>
<span class="o">}</span>
diff --git a/content/core-developers/validation-annotation.html
b/content/core-developers/validation-annotation.html
index 22c443507..c88c45264 100644
--- a/content/core-developers/validation-annotation.html
+++ b/content/core-developers/validation-annotation.html
@@ -194,6 +194,7 @@ is no longer necessary.</p>
<span class="nd">@RequiredFieldValidator</span><span
class="o">(</span><span class="n">type</span> <span class="o">=</span> <span
class="nc">ValidatorType</span><span class="o">.</span><span
class="na">FIELD</span><span class="o">,</span> <span class="n">message</span>
<span class="o">=</span> <span class="s">"You must enter a value for
bar."</span><span class="o">)</span>
<span class="nd">@IntRangeFieldValidator</span><span
class="o">(</span><span class="n">type</span> <span class="o">=</span> <span
class="nc">ValidatorType</span><span class="o">.</span><span
class="na">FIELD</span><span class="o">,</span> <span class="n">min</span>
<span class="o">=</span> <span class="s">"6"</span><span class="o">,</span>
<span class="n">max</span> <span class="o">=</span> <span
class="s">"10"</span><span class="o">,</span> <span class="n">message</span>
<span clas [...]
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setBar</span><span class="o">(</span><span class="kt">int</span>
<span class="n">bar</span><span class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">bar</span> <span class="o">=</span> <span class="n">bar</span><span
class="o">;</span>
<span class="o">}</span>
diff --git a/content/core-developers/validation.html
b/content/core-developers/validation.html
index ab41e0128..2cf7f8ceb 100644
--- a/content/core-developers/validation.html
+++ b/content/core-developers/validation.html
@@ -505,6 +505,7 @@ order is important as this mechanism uses <code
class="language-plaintext highli
<div class="language-java highlighter-rouge"><div class="highlight"><pre
class="highlight"><code><span class="nd">@RequiredStringValidator</span><span
class="o">(</span><span class="n">key</span> <span class="o">=</span> <span
class="s">"errors.required"</span><span class="o">,</span> <span
class="n">messageParams</span> <span class="o">=</span> <span class="o">{</span>
<span class="s">"getText('username.field.name')"</span>
<span class="o">})</span>
+<span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setUsername</span><span class="o">(</span><span
class="nc">String</span> <span class="n">username</span><span
class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">username</span> <span class="o">=</span> <span
class="n">username</span><span class="o">;</span>
<span class="o">}</span>
diff --git a/content/core-developers/wildcard-mappings.html
b/content/core-developers/wildcard-mappings.html
index fb66e87db..e94a1dadb 100644
--- a/content/core-developers/wildcard-mappings.html
+++ b/content/core-developers/wildcard-mappings.html
@@ -254,6 +254,8 @@ URL and extracted as parameters, for example:</p>
<div class="language-java highlighter-rouge"><div class="highlight"><pre
class="highlight"><code><span class="nd">@Namespace</span><span
class="o">{</span><span class="s">"/users/{userID}"</span><span
class="o">);</span>
<span class="kd">public</span> <span class="kd">class</span> <span
class="nc">DetailsAction</span> <span class="n">exends</span> <span
class="nc">ActionSupport</span> <span class="o">{</span>
<span class="kd">private</span> <span class="nc">Long</span> <span
class="n">userID</span><span class="o">;</span>
+
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setUserID</span><span class="o">(</span><span class="nc">Long</span>
<span class="n">userID</span><span class="o">)</span> <span
class="o">{...}</span>
<span class="o">}</span>
</code></pre></div></div>
diff --git a/content/getting-started/coding-actions.html
b/content/getting-started/coding-actions.html
index 2e627299c..6e6776c11 100644
--- a/content/getting-started/coding-actions.html
+++ b/content/getting-started/coding-actions.html
@@ -252,6 +252,7 @@ those form field values provided it has a public set method
that matches the for
<span class="k">return</span> <span class="n">userName</span><span
class="o">;</span>
<span class="o">}</span>
+<span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setUserName</span><span class="o">(</span><span
class="nc">String</span> <span class="n">userName</span><span
class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">userName</span> <span class="o">=</span> <span
class="n">userName</span><span class="o">;</span>
<span class="o">}</span>
@@ -274,7 +275,8 @@ You should see the following page.</p>
<p><img src="attachments/coding_actions_form_submit_result.png"
alt="coding_actions_form_submit_result.png" /></p>
<p>When the form is submitted, Struts will call any set methods of the
HelloWorldAction class that match the form field
-names. So in this example method <code class="language-plaintext
highlighter-rouge">setUserName</code> was called and passed the value the user
entered in the <code class="language-plaintext
highlighter-rouge">userName</code> form field.</p>
+names and are annotated with <code class="language-plaintext
highlighter-rouge">@StrutsParameter</code>. So in this example method <code
class="language-plaintext highlighter-rouge">setUserName</code> was called and
passed the value
+the user entered in the <code class="language-plaintext
highlighter-rouge">userName</code> form field.</p>
<p>On the <code class="language-plaintext highlighter-rouge">index.jsp</code>
we also have a Struts 2 action link (see tutorial <a href="using-tags">Using
Struts 2 Tags</a>) that includes
a query string parameter: <code class="language-plaintext
highlighter-rouge">userName=Bruce+Phillips</code>. If you click on that link
you should see the following result:</p>
diff --git a/content/getting-started/processing-forms.html
b/content/getting-started/processing-forms.html
index 13af47e5c..d572d5194 100644
--- a/content/getting-started/processing-forms.html
+++ b/content/getting-started/processing-forms.html
@@ -276,7 +276,7 @@ then discuss some key points. Create a view page named
<code class="language-pla
<p>Note the four Struts 2 textfield tags. Each tag has a name value that
includes an attribute of the <code class="language-plaintext
highlighter-rouge">Person</code> class
(e.g. <code class="language-plaintext highlighter-rouge">firstName</code>).
The name attribute’s value also has a reference to an object called <code
class="language-plaintext highlighter-rouge">personBean</code>. This object is
of type <code class="language-plaintext highlighter-rouge">Person</code>. When
we create the Action class that handles this form submission, we’ll have to
specify that object
-in that Action class (see below).</p>
+in that Action class and annotate it (see below).</p>
<p>The complete name value, <code class="language-plaintext
highlighter-rouge">personBean.firstName</code>, instructs Struts 2 to use the
input value for that textfield as
the argument to the personBean object’s <code class="language-plaintext
highlighter-rouge">setFirstName</code> method. So if the user types “Bruce” in
the textfield that has
@@ -313,7 +313,8 @@ the Struts 2 framework. We need an Action class to process
this form. If you rec
<span class="k">return</span> <span class="no">SUCCESS</span><span
class="o">;</span>
<span class="o">}</span>
-
+
+ <span class="nd">@StrutsParameter</span><span class="o">(</span><span
class="n">depth</span> <span class="o">=</span> <span class="mi">1</span><span
class="o">)</span>
<span class="kd">public</span> <span class="nc">Person</span> <span
class="nf">getPersonBean</span><span class="o">()</span> <span
class="o">{</span>
<span class="k">return</span> <span class="n">personBean</span><span
class="o">;</span>
<span class="o">}</span>
@@ -325,8 +326,18 @@ the Struts 2 framework. We need an Action class to process
this form. If you rec
<span class="o">}</span>
</code></pre></div></div>
-<p>In the <code class="language-plaintext highlighter-rouge">Register</code>
class note that we’ve declared an attribute named <code
class="language-plaintext highlighter-rouge">personBean</code> of type <code
class="language-plaintext highlighter-rouge">Person</code> and there is a
public
-get and set method for this object.</p>
+<p>In the <code class="language-plaintext highlighter-rouge">Register</code>
class, note that we’ve declared an attribute named <code
class="language-plaintext highlighter-rouge">personBean</code> of type <code
class="language-plaintext highlighter-rouge">Person</code>, there are public
+getter and setter methods for this object, and the getter is annotated with
<code class="language-plaintext highlighter-rouge">@StrutsParameter(depth =
1)</code>.</p>
+
+<p>In the previous <a href="coding-actions">Coding Struts 2 Actions</a>
tutorial, we annotated the username <strong>setter</strong>,
+which took a simple String as its parameter type, with <code
class="language-plaintext highlighter-rouge">@StrutsParameter</code>. In this
example, we are using a “Bean”
+object (sometimes referred to as a DTO or model object) to encapsulate the
form data. When we choose to use a DTO
+instead of a primitive, String, or other TypeConverter supported object, we
must annotate the <strong>getter</strong>
+method instead, and also assign a depth corresponding to how deep the DTO
graph is. In this case, the <code class="language-plaintext
highlighter-rouge">Person</code> object
+does not have any further DTOs or collections within it, so a depth of 1 will
suffice.</p>
+
+<p>For more information on these annotations and their security implications,
please refer
+to <a
href="../security/index#defining-and-annotating-your-action-parameters">Security</a>.</p>
<p>The <code class="language-plaintext highlighter-rouge">Register</code>
class also overrides the <code class="language-plaintext
highlighter-rouge">execute</code> method. The <code class="language-plaintext
highlighter-rouge">execute</code> method is the one we will specify in the
<code class="language-plaintext highlighter-rouge">struts.xml</code> to be
called in response to the register action. In this example, the <code
class="language-plaintext highlighter-rouge">execute</code> method just returns
diff --git a/content/plugins/junit/index.html b/content/plugins/junit/index.html
index 8d8344063..8ef2f2eef 100644
--- a/content/plugins/junit/index.html
+++ b/content/plugins/junit/index.html
@@ -192,6 +192,7 @@ an action:</p>
<span class="k">return</span> <span class="n">name</span><span
class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setName</span><span class="o">(</span><span class="nc">String</span>
<span class="n">name</span><span class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">name</span> <span class="o">=</span> <span
class="n">name</span><span class="o">;</span>
<span class="o">}</span>
diff --git a/content/plugins/portlet/struts-2-portlet-tutorial.html
b/content/plugins/portlet/struts-2-portlet-tutorial.html
index 5cab55578..40d89205a 100644
--- a/content/plugins/portlet/struts-2-portlet-tutorial.html
+++ b/content/plugins/portlet/struts-2-portlet-tutorial.html
@@ -324,10 +324,12 @@ If you have not used Struts 2 before, please check out
some of the other Struts
<span class="kd">private</span> <span class="nc">String</span> <span
class="n">name</span><span class="o">;</span>
<span class="kd">private</span> <span class="nc">String</span> <span
class="n">url</span><span class="o">;</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setName</span><span class="o">(</span><span class="nc">String</span>
<span class="n">name</span><span class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">name</span> <span class="o">=</span> <span
class="n">name</span><span class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setUrl</span><span class="o">(</span><span class="nc">String</span>
<span class="n">url</span><span class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">url</span> <span class="o">=</span> <span class="n">url</span><span
class="o">;</span>
<span class="o">}</span>
@@ -390,10 +392,12 @@ If you have not used Struts 2 before, please check out
some of the other Struts
<span class="kd">private</span> <span class="nc">PortletPreferences</span>
<span class="n">portletPreferences</span><span class="o">;</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setName</span><span class="o">(</span><span class="nc">String</span>
<span class="n">name</span><span class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">name</span> <span class="o">=</span> <span
class="n">name</span><span class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setUrl</span><span class="o">(</span><span class="nc">String</span>
<span class="n">url</span><span class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">url</span> <span class="o">=</span> <span class="n">url</span><span
class="o">;</span>
<span class="o">}</span>
@@ -599,6 +603,7 @@ If you have not used Struts 2 before, please check out some
of the other Struts
<span class="kd">private</span> <span class="nc">PortletPreferences</span>
<span class="n">portletPreferences</span><span class="o">;</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setBookmarkName</span><span class="o">(</span><span
class="nc">String</span> <span class="n">bookmarkName</span><span
class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">bookmarkName</span> <span class="o">=</span> <span
class="n">bookmarkName</span><span class="o">;</span>
<span class="o">}</span>
@@ -672,7 +677,8 @@ If you have not used Struts 2 before, please check out some
of the other Struts
<span class="kd">public</span> <span class="nc">String</span> <span
class="nf">getOldName</span><span class="o">()</span> <span class="o">{</span>
<span class="k">return</span> <span class="n">oldName</span><span
class="o">;</span>
<span class="o">}</span>
-
+
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setOldName</span><span class="o">(</span><span
class="nc">String</span> <span class="n">oldName</span><span class="o">)</span>
<span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">oldName</span> <span class="o">=</span> <span
class="n">oldName</span><span class="o">;</span>
<span class="o">}</span>
@@ -681,10 +687,12 @@ If you have not used Struts 2 before, please check out
some of the other Struts
<span class="k">return</span> <span class="n">url</span><span
class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setUrl</span><span class="o">(</span><span class="nc">String</span>
<span class="n">url</span><span class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">url</span> <span class="o">=</span> <span class="n">url</span><span
class="o">;</span>
<span class="o">}</span>
+ <span class="nd">@StrutsParameter</span>
<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setName</span><span class="o">(</span><span class="nc">String</span>
<span class="n">name</span><span class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span
class="na">name</span> <span class="o">=</span> <span
class="n">name</span><span class="o">;</span>
<span class="o">}</span>
diff --git a/content/security/index.html b/content/security/index.html
index 998d4b1cc..df53870e4 100644
--- a/content/security/index.html
+++ b/content/security/index.html
@@ -158,6 +158,7 @@
<li><a href="#disable-devmode" id="markdown-toc-disable-devmode">Disable
devMode</a></li>
<li><a href="#reduce-logging-level"
id="markdown-toc-reduce-logging-level">Reduce logging level</a></li>
<li><a href="#use-utf-8-encoding"
id="markdown-toc-use-utf-8-encoding">Use UTF-8 encoding</a></li>
+ <li><a href="#defining-and-annotating-your-action-parameters"
id="markdown-toc-defining-and-annotating-your-action-parameters">Defining and
annotating your Action parameters</a></li>
<li><a href="#do-not-define-setters-when-not-needed"
id="markdown-toc-do-not-define-setters-when-not-needed">Do not define setters
when not needed</a></li>
<li><a
href="#do-not-use-incoming-values-as-an-input-for-localisation-logic"
id="markdown-toc-do-not-use-incoming-values-as-an-input-for-localisation-logic">Do
not use incoming values as an input for localisation logic</a></li>
<li><a
href="#do-not-use-incoming-untrusted-user-input-in-forced-expression-evaluation"
id="markdown-toc-do-not-use-incoming-untrusted-user-input-in-forced-expression-evaluation">Do
not use incoming, untrusted user input in forced expression evaluation</a></li>
@@ -289,8 +290,79 @@ header to each JSP file</p>
<div class="language-jsp highlighter-rouge"><div class="highlight"><pre
class="highlight"><code><span class="nt"><%@ page </span><span
class="na">contentType=</span><span class="s">"text/html; charset=UTF-8"</span>
<span class="nt">%></span>
</code></pre></div></div>
+<h3 id="defining-and-annotating-your-action-parameters">Defining and
annotating your Action parameters</h3>
+
+<blockquote>
+ <p>Note: Since 6.4 using <code class="language-plaintext
highlighter-rouge">struts.parameters.requireAnnotations=true</code>. Or by
default from 7.0.</p>
+</blockquote>
+
+<p>Request parameters, such as those submitted by a form, can be stored on
your Struts Action class by defining getters and
+setters for them. For example, if you have a form with a field called <code
class="language-plaintext highlighter-rouge">name</code>, you can store the
value of that field by
+defining a <code class="language-plaintext highlighter-rouge">public void
setName(String name)</code> method on your Action class, and then importantly,
annotating this method
+with <code class="language-plaintext
highlighter-rouge">@StrutsParameter</code>. The presence of this annotation
indicates that the method is intended for parameter injection
+and is safe to be invoked by any user who can view the Action.</p>
+
+<div class="language-java highlighter-rouge"><div class="highlight"><pre
class="highlight"><code><span class="kd">private</span> <span
class="nc">String</span> <span class="n">name</span><span class="o">;</span>
+
+<span class="nd">@StrutsParameter</span>
+<span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setName</span><span class="o">(</span><span class="nc">String</span>
<span class="n">name</span><span class="o">)</span> <span class="o">{</span>
+ <span class="k">this</span><span class="o">.</span><span
class="na">name</span> <span class="o">=</span> <span
class="n">name</span><span class="o">;</span>
+<span class="o">}</span>
+</code></pre></div></div>
+
+<p>If you wish to populate a DTO (Data Transfer Object) instead of setting the
parameters directly on the Action class, you
+can define a getter for the DTO on your Action class instead. For example,
define a method <code class="language-plaintext highlighter-rouge">public MyDto
getFormData()</code>
+which is also annotated by <code class="language-plaintext
highlighter-rouge">@StrutsParameter(depth = 1)</code>. Then, a parameter with
name <code class="language-plaintext
highlighter-rouge">formData.fullName</code> will be mapped
+to the setter <code class="language-plaintext
highlighter-rouge">setFullName</code> on that DTO. Note that the <code
class="language-plaintext highlighter-rouge">@StrutsParameter</code> annotation
has a <code class="language-plaintext highlighter-rouge">depth</code> field
which dictates
+the depth to which parameter injection is permitted. The default value is 0,
which only allows setting parameters
+directly on the Action class as in the first example. A <code
class="language-plaintext highlighter-rouge">depth</code> of 1 indicates that
the immediate public properties of
+an object returned by the getter are permitted to be set. If you have further
nested objects, you can increase
+the <code class="language-plaintext highlighter-rouge">depth</code>
accordingly. Do not set this <code class="language-plaintext
highlighter-rouge">depth</code> field to a value greater than the minimum
required for your use case.</p>
+
+<div class="language-java highlighter-rouge"><div class="highlight"><pre
class="highlight"><code><span class="kd">private</span> <span
class="nc">MyDto</span> <span class="n">formData</span> <span
class="o">=</span> <span class="k">new</span> <span
class="nc">MyDto</span><span class="o">();</span>
+
+<span class="nd">@StrutsParameter</span><span class="o">(</span><span
class="n">depth</span> <span class="o">=</span> <span class="mi">1</span><span
class="o">)</span>
+<span class="kd">public</span> <span class="nc">MyDto</span> <span
class="nf">getFormData</span><span class="o">()</span> <span class="o">{</span>
+ <span class="k">return</span> <span class="n">formData</span><span
class="o">;</span>
+<span class="o">}</span>
+
+<span class="kd">public</span> <span class="kd">static</span> <span
class="kd">class</span> <span class="nc">MyDto</span> <span class="o">{</span>
+ <span class="kd">private</span> <span class="nc">String</span> <span
class="n">fullName</span><span class="o">;</span>
+
+ <span class="kd">public</span> <span class="kt">void</span> <span
class="nf">setFullName</span><span class="o">(</span><span
class="nc">String</span> <span class="n">fullName</span><span
class="o">)</span> <span class="o">{</span>
+ <span class="k">this</span><span class="o">.</span><span
class="na">fullName</span> <span class="o">=</span> <span
class="n">fullName</span><span class="o">;</span>
+ <span class="o">}</span>
+<span class="o">}</span>
+</code></pre></div></div>
+
+<p>It is critical that any method you annotate with <code
class="language-plaintext highlighter-rouge">@StrutsParameter</code> is safe
for any user who can view that corresponding
+action to invoke (including any public methods on objects returned by that
method and so forth). Any getters you
+annotate should only ever return a DTO or a collection/hierarchy of DTOs. Do
NOT mix business logic or service
+references with your parameter injection methods and DTOs. Additionally, any
database DTOs should be entirely separate
+from request parameter/form DTOs.</p>
+
+<p>Do NOT under any circumstance, annotate a method that returns one of the
following unsafe objects:</p>
+<ul>
+ <li>live Hibernate persistent objects</li>
+ <li>container or Spring-managed beans, or any other live
components/services</li>
+ <li>objects (or objects that contain references to objects) that contain
setter methods that are used for anything other
+than setting form parameter values</li>
+</ul>
+
+<p>If you are finding updating your application with this new annotation
time-consuming, you can temporarily combine the
+above option with <code class="language-plaintext
highlighter-rouge">struts.parameters.requireAnnotations.transitionMode=true</code>.
When this mode is enabled, only ‘nested’
+parameters, i.e. DTOs or Collections represented by public getters on Action
classes, will require annotations. This
+means public setters will still be exposed for parameter injection. Notably,
+the <a href="#allowlist-capability">auto-allowlisting capability</a>, which is
also supported by these annotations, is not degraded
+in any way, so it proves a useful transitioning option for applications that
wish to enable the OGNL allowlist as soon
+as possible.</p>
+
<h3 id="do-not-define-setters-when-not-needed">Do not define setters when not
needed</h3>
+<blockquote>
+ <p>Note: Only relevant if you are not using <code class="language-plaintext
highlighter-rouge">struts.parameters.requireAnnotations=true</code> as per the
previous section.</p>
+</blockquote>
+
<p>You should carefully design your actions without exposing anything via
setters and getters, thus can leads to potential
security vulnerabilities. Any action’s setter can be used to set incoming
untrusted user’s value which can contain
suspicious expression. Some Struts <code class="language-plaintext
highlighter-rouge">Result</code>s automatically populate params based on values
in
@@ -561,6 +633,9 @@ with other known dangerous classes or packages in your
application.</p>
allowlisted classes and packages. By default, all required Struts classes are
allowlisted as well as any classes that
are defined in your <code class="language-plaintext
highlighter-rouge">struts.xml</code> package configurations.</p>
+<p>We highly recommend enabling the <a
href="#defining-and-annotating-your-action-parameters">parameter annotation</a>
capability to
+ensure any necessary parameter injection types are allowlisted, in addition to
its other benefits.</p>
+
<p>You can add additional classes and packages to the allowlist with:</p>
<ul>
@@ -569,8 +644,8 @@ are defined in your <code class="language-plaintext
highlighter-rouge">struts.xm
<code class="language-plaintext highlighter-rouge">startWith</code>. Note that
classes in subpackages are also allowlisted.</li>
</ul>
-<p>Generally, the only additional classes or packages you will need to
configure are those model classes that you wish to
-be constructed/manipulated by Struts form submissions (i.e. parameter
injected).</p>
+<p>Depending on the functionality of your application, you may not need to
manually allowlist any classes. Please monitor
+your application logs for any warnings about blocked classes and add them to
the allowlist as necessary.</p>
<h4 id="extensibility">Extensibility</h4>
